https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845990#M15347 <HTML><HEAD></HEAD><BODY><P>No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC. </P><P></P><P>For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP</P><P></P><P>Steve </P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Sun, 22 Jan 2012 22:33:44 GMT Stephen Rodriguez 2012-01-22T22:33:44Z https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845987#M15344 <P>Is there a way to authenticate a user logging into (telnet/ssh) a lightweight AP using RADIUS or TACACS+?&nbsp; I know you can set global usernames and passwords, but this customer would like to use ACS to authenticate user access to log into their APs.</P> Sun, 04 Jul 2021 04:19:30 GMT https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845987#M15344 AlexZmann 2021-07-04T04:19:30Z https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845988#M15345 <HTML><HEAD></HEAD><BODY><P>That is a good question... However, I don't think there is a way to do that.&nbsp; That would mean you would have to create a AAA client for each AP along with the WLC.</P></BODY></HTML> Wed, 04 Jan 2012 15:41:35 GMT https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845988#M15345 Scott Fella 2012-01-04T15:41:35Z https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845989#M15346 <HTML><HEAD></HEAD><BODY><P>Ok so, this may be a long shot. But a few days back I came across a similar situation where in the APs were doing radius authentication... </P><P></P><P>so what you want to do is (or at least try that out), use port security (dont have the commands) and authenticate using the client mac address. </P><P></P><P>This may sound very vague as I myself did not understand the details of it that much..</P><P></P><P>however, in that scenario the APs were in hreap local switching mode (and use local radius on the AP side). There was some talk of using NEAT and all with the setup but to be honest I couldn't understand much.</P><P></P><P>the other simple thing you can do is create an ACL for the AP subnet and maybe apply some sort of radius authentication or mac filtering on it.</P><P></P><P>Again, I am still not that fimilar with the wired side to comment on it for sure.</P></BODY></HTML> Sun, 22 Jan 2012 22:08:52 GMT https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845989#M15346 Viten Patel 2012-01-22T22:08:52Z https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845990#M15347 <HTML><HEAD></HEAD><BODY><P>No this is not currently a feature in the CUWN architecture you would login to the WLC to configure the AP, 98% if the time. And you can co figure TACACS to the WLC. </P><P></P><P>For the other two percent of the time you would enable telnet/ssh for the AP and set a username/password Combe there. It can be done globally or per AP</P><P></P><P>Steve </P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Sun, 22 Jan 2012 22:33:44 GMT https://community.cisco.com/t5/wireless/aaa-authentication-lightweight-ap/m-p/1845990#M15347 Stephen Rodriguez 2012-01-22T22:33:44Z